CSSLP Question #353: Real Exam Question with Answer & Explanation

The correct answer is D: DoD 5200.40. DoD Directive 5200.40 established the Defense Information Technology Security Certification and Accreditation Process (DITSCAP) as the mandatory C&A framework for all DoD information systems. DITSCAP has since been superseded by the DIACAP and later the RMF.

Secure Software Deployment, Operations, Maintenance

Question

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

Options

ADoD 8910.1
BDoD 5200.22-M
CDoD 8000.1
DDoD 5200.40

Explanation

DoD Directive 5200.40 established the Defense Information Technology Security Certification and Accreditation Process (DITSCAP) as the mandatory C&A framework for all DoD information systems. DITSCAP has since been superseded by the DIACAP and later the RMF.

Common mistakes.

A. DoD 8910.1 is not a recognized directive defining DITSCAP.
B. DoD 5200.22-M refers to the National Industrial Security Program Operating Manual (NISPOM), which covers safeguarding classified information in industry, not the DITSCAP process.
C. DoD 8000.1 is related to the Management of DoD Information Resources and Information Technology, a broader directive that does not specifically define DITSCAP.

Concept tested. DoD DITSCAP Directive

Topics

#DITSCAP#C&A#DoD Policy#Security Directives

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions